What To Do When Your Debit/ATM Card Number Is Stolen
2008 Consumer Fraud and Identity Theft Complaint Data (FTC)

Experian Sues LifeLock

Last week, things really heated up in the credit monitoring and identity theft industry. Forbes magazine reported that Experian, one of the three major credit bureaus, had filed a lawsuit in California against LifeLock. According to the news report, Experian accused:

"... LifeLock of placing bogus 90-day fraud alerts on hundreds of thousands of credit files maintained by Experian. In the complaint, Experian says it has suffered "millions of dollars" in damages from being forced to process large numbers of initial fraud alerts and mail mandatory notices to customers."

What? Bogus fraud alerts? An increasingly large number of fraud alerts should not be a surprise to anyone in the identity theft/fraud business, given the steady number of corporate data breaches. 2007 was a record year with corporate data breaches. Depending upon the source you use (e.g., Attrition, the Identity Theft Resource Center, or Privacy Rights Clearing house), the number of records lost or stolen in 2007 ranged from 49 to over 100 million. Any source you pick documents an increase in data breaches in 2007 over 2006.

It seems to me that an increasing number of consumers are starting to read and follow the advice available in industry products and services. One of the first steps after a data breach or identity theft event is for the consumer to place a Fraud Alert on their credit reports. This was one of the first steps I took after my data was "lost" (probably stolen) during the February 2007 IBM data breach incident, along with the sensitive data of thousands of current and former IBM employees. Some consumers are willing to pay for convenience; to pay for a service to help them protect their sensitive personal data.

The Forbes news story goes on to report:

"Experian claims that LifeLock keeps its clients' files in a perpetual state of alert by repeatedly "crying wolf" on behalf of its clients. Its suit questions whether LifeLock has the legal right to request the 90-day alerts, which it maintains are meant to be placed only by individuals who have a reasonable suspicion that fraudulent activity has occurred."

Perpetual state of alert? Come on, Experian. That seems to be a far overstatement of the situation.

When a company suffers a data breach and loses the sensitive personal data of employees, former employees, and/or customers the risk of identity theft and fraud doesn't disappear in a few months. The risk doesn't dissolve when the company issues a press release claiming, "there's no evidence that the data was stolen."

The consumers' sensitive data is out there... period... permanently. So, we consumers are forced to continually monitor our accounts and our credit reports for theft, abuse, or unauthorized access... permanently. We consumers are learning to better protect our sensitive personal data. Establishing repeated fraud alerts is one tool; a first step.

The Forbes article also reports:

"In the suit, Experian also charges that LifeLock has used false and misleading advertising to entice consumers into buying its protection, and is exploiting the system by acting as a middleman for services that the credit companies are required to provide to consumers for free, including annual credit reports, removal from mailing lists and fraud alerts."

That may be. I am not a subscriber to LifeLock since I have done by myself the identity-theft deterrence steps LifeLock charges a fee for. I must admit that LifeLock's advertising is everywhere... on radio, television, print ads, and around the web at social bookmarking sites. LifeLock seems to be doing a better job of promoting their service than Experian does of promoting its Family Secure credit monitoring service.

In his blog The Dunning Letter, Jack Dunnning wrote this about Experian:

"Back in August of 2005, the Federal Trade Commission settled a case with Experian Consumer Direct, a subsidiary of the credit bureau, for deception in advertising “free credit reports” by failing to add the customer would be automatically signed up for credit monitoring services costing $79.95 each year. The FTC ordered Experian to give up $950,000 of its “ill-gotten gains."

Regarding deceptive advertising, Experian's history is not squeaky clean either.

I wonder if Experian sees the handwriting on the wall. As more consumers "lock down" their credit reports with Security Freezes, it becomes harder for credit bureaus like Experian to make the same profit amounts by selling only credit reports to potential lenders and creditors. Consumer credit reports with Security Freezes on them are credit reports Experian (and the other two credit bureaus) can't sell to potential lenders.

Combine this with the trend by more consumers to opt out of pre-approved credit offers, and the market for credit reports has to be negatively affected. So, to make the same profit amounts, Experian probably recognizes that it has to expand into new markets for more revenues. One of those new markets is the growing credit monitoring services market.

Fortunately for consumers, there are many choices today for a credit monitoring service. A consumer can monitor their credit report on their own, or subscribe to a credit monitoring service. These services are available from banks, credit card companies, credit bureaus, and independent companies... like LifeLock.

The wide range of choices is good for consumers, but is probably viewed negatively by Experian. The credit monitoring services market is filled with competitors offering a variety of services because the rise of identity theft has changed the marketplace. Consumers are slowly becoming educated about the scams, threats, and the value of theft-deterrence solutions. And companies have rushed to meet that need.

Consumers have also begun to realize that they want more control over who has access to their credit reports. The Security Freeze tool is a key tool for consumers to exercise control over their credit reports. The Security Freeze tool seems far stronger and more secure than the Fraud Alert tool. Starting with California in 2003, many states passed laws giving consumers the right to this Security Freeze tool. By the end of 2007, all three credit bureaus offered the Security Freeze tool nationwide, without waiting for states to pass more legislation.

So, the identity theft marketplace is changing at a fairly rapid pace. Previously, Experian competed against 2 other credit bureaus (e.g., Equifax and TransUnion) to sell consumers' credit reports. Now, Experian has a whole new set of competitors who offer credit monitoring services similar to Experian's credit monitoring service.

Is the lawsuit only about false/deceptive advertising? Maybe. But it may also be about intimidating or limiting competition, given the rapidly changing identity theft/fraud marketplace. What do you think?


Feed You can follow this conversation by subscribing to the comment feed for this post.


I was glad to read that Experion is tasting a bit of its own medicine. The consumer has been playing at such a disadvantage for so long — and still is.

For example, I was amazed to learn that, while the three credit bureaus owe you a free credit report once a year, you must PAY to learn your all-important credit score. Meanwhile businesses, banks and lenders of all kinds have access to this number. And make lending decisions based on it. No wonder there's such a consumer credit crisis going on! We are kept in deliberate ignorance of the basic tools that determine our financial lives — unless we know enough to ask the right questions, and feel like paying for them.

The unsophisticated consumer doesn't stand a chance against these guys.


Experian Credit report should be free every time is needed, they don`t even have they workers inside the US, this company is outside the US paying bad salaries and getting millions...



Are your comments your opinions or facts? If faacts, please provide a link to the website(s) with your sources. What source stated that Experian doesn't have any workers in the US? That doesn't seem right. What source documents your claim about bad salaries?


The comments to this entry are closed.